1. Symantec/
  2. Security Response/
  3. W32.Dabber.B


Risk Level 2: Low

June 4, 2004
February 13, 2007 12:24:03 PM
Also Known As:
Win32.Dabber.B [Computer Assoc, Net-Worm.Win32.Dabber.c [Kaspe, Exploit-DcomRpc.gen [McAfee], W32/Dabber-C [Sophos], WORM_DABBER.C [Trend Micro]
Systems Affected:

W32.Dabber.B is a variant of W32.Dabber.A. This worm propagates by exploiting a vulnerability in the FTP server component of W32.Sasser.Worm and its variants.

W32.Dabber.B is based on available exploit code. It installs a backdoor on infected hosts and tries to listen on port 9898. If the attempt fails, W32.Dabber.B tries to listen on ports 9899 through 9999 in sequence until it finds an open port.

This threat is written in C++ and is packed with UPX.

Antivirus Protection Dates

  • Initial Rapid Release version June 5, 2004
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version June 5, 2004
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date June 7, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Kevin Ha

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube